From owner-freebsd-security Tue Nov 3 22:07:13 1998
Message-Id: <199811040606.XAA26928@harmony.village.org>
To: Nicholas Charles Brawn
Subject: Re: [rootshell] Security Bulletin #25 (fwd)
Cc: FreeBSD-security@FreeBSD.ORG
In-reply-to: Your message of "Wed, 04 Nov 1998 16:29:40 +1100."
Date: Tue, 03 Nov 1998 23:06:52 -0700
From: Warner Losh
Sender: owner-freebsd-security@FreeBSD.ORG

In message Nicholas Charles Brawn writes:
: find . -exec grep sprintf {} \; |wc -l
: And came up with 138 lines. Just having sprintf() in your code is not

True. If you look close at all of those, you will find that they are,
for the most part, bounds checked in the code. While that doesn't
pass the grep test, it does tend to make things more secure.

Warner
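
The point made in the message above, as an added example that is not part of the original post or of the FreeBSD source: a sprintf() call that a grep would count, but whose write is bounded by a length check placed before it, next to the snprintf() form that carries the bound in the call itself. The function names, buffer size and paths are hypothetical.

```c
#include <stdio.h>
#include <string.h>

#define PATH_BUF 32  /* constructed buffer size for this example */

/* sprintf() guarded by an explicit length check. A grep for "sprintf"
 * counts this line, yet the write can never run past the buffer. */
int build_path_checked(char *out, size_t outlen, const char *dir, const char *file)
{
    /* dir + '/' + file + terminating NUL must fit in outlen bytes */
    if (strlen(dir) + 1 + strlen(file) + 1 > outlen)
        return -1;
    sprintf(out, "%s/%s", dir, file);
    return 0;
}

/* Same job with snprintf(): the call enforces the bound, and the return
 * value (length the full string would have had) reveals truncation. */
int build_path_snprintf(char *out, size_t outlen, const char *dir, const char *file)
{
    int n = snprintf(out, outlen, "%s/%s", dir, file);
    if (n < 0 || (size_t)n >= outlen)
        return -1;   /* out holds a truncated, NUL-terminated string */
    return 0;
}

int main(void)
{
    char buf[PATH_BUF];
    /* constructed inputs */
    const char *long_name = "a-file-name-that-is-far-too-long-for-the-buffer";

    printf("checked, short name:  %d\n",
           build_path_checked(buf, sizeof buf, "/tmp", "x.log"));
    printf("checked, long name:   %d\n",
           build_path_checked(buf, sizeof buf, "/tmp", long_name));
    printf("snprintf, long name:  %d\n",
           build_path_snprintf(buf, sizeof buf, "/tmp", long_name));
    return 0;
}
```

Auditing a sprintf() hit therefore means reading the lines above the call for a check like the one in build_path_checked(), not just counting matches.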